principal
The account name
target_domain object
Optional target domain in which principal exists
Rotate password of this account
Marks the account as the one through which password rotation takes place when the use_main_account flag is set in rotation_metadata
Use user account as host principal name
The account's static passphrase or the initial rotating password value. If rotate is selected, the field is active on create and disabled/hidden on edit
Identifies the source of the principal object: "UI" or "SCAN". Deploy is also treated as "UI".
roles object[]
An array of roles entitled to access this principal on the host
Role UUID
applications object[]
An array of applications the principal may launch on the target host
service_options object
Object for service options
ssh object
SSH service options
Shell channel
File transfer channel
exec channel
tunnels
x11
other options
rdp object
RDP service options
file transfer
audio
clipboard
web object
WEB service options
file transfer
audio
clipboard
vnc object
VNC service options
file transfer
clipboard
db object
DB service options
Maximum number of bytes allowed in download direction per connection. Set to zero to disable byte count limiting.
Maximum number of bytes allowed in upload direction per connection. Set to zero to disable byte count limiting.
command_restrictions object
SSH shell/exec command restrictions for the principal
Are command restrictions enabled
default_whitelist object
Default whitelist handle, required if command restrictions are enabled
Whitelist ID
Whitelist name
Has whitelist been deleted, ignored in requests
Restricted shell variant, required if command restrictions are enabled
Possible values: [bash, posix]
Optional banner displayed in SSH terminal
If true then commands that do not match any whitelist pattern are allowed to execute
If true then an audit event is generated for every allowed command
If true then an audit event is generated for every disallowed command
whitelists object[]
whitelist object
Whitelist ID
Whitelist name
Has whitelist been deleted, ignored in requests
roles object[]
List of roles granting access to the whitelist
Role ID
Role name
{
  "principal": "string",
  "target_domain": {
    "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "name": "string",
    "deleted": true
  },
  "rotate": true,
  "use_for_password_rotation": true,
  "use_user_account": true,
  "passphrase": "string",
  "source": "string",
  "roles": [
    {
      "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6"
    }
  ],
  "applications": [
    {
      "name": "string",
      "application": "string",
      "arguments": "string",
      "working_directory": "string"
    }
  ],
  "service_options": {
    "ssh": {
      "shell": true,
      "file_transfer": true,
      "exec": true,
      "tunnels": true,
      "x11": true,
      "other": true
    },
    "rdp": {
      "file_transfer": true,
      "audio": true,
      "clipboard": true
    },
    "web": {
      "file_transfer": true,
      "audio": true,
      "clipboard": true
    },
    "vnc": {
      "file_transfer": true,
      "clipboard": true
    },
    "db": {
      "max_bytes_download": 0,
      "max_bytes_upload": 0
    }
  },
  "command_restrictions": {
    "enabled": true,
    "default_whitelist": {
      "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "name": "string",
      "deleted": true
    },
    "rshell_variant": "bash",
    "banner": "string",
    "allow_no_match": true,
    "audit_match": true,
    "audit_no_match": true,
    "whitelists": [
      {
        "whitelist": {
          "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
          "name": "string",
          "deleted": true
        },
        "roles": [
          {
            "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
            "name": "string"
          }
        ]
      }
    ]
  }
}
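A pre-submission review of a principal object against the constraints stated in the field descriptions above, as an added example that is not part of the API or its vendor's code. The function name, severity labels and sample values are assumptions made for illustration; the field names are the ones in the JSON above.

```python
import json

# Constructed sample principal object (values invented for this example).
SAMPLE = json.loads("""
{
  "principal": "svc-deploy",
  "service_options": {
    "ssh": {"shell": true, "exec": true, "tunnels": true, "x11": false},
    "db": {"max_bytes_download": 0, "max_bytes_upload": 1048576}
  },
  "command_restrictions": {
    "enabled": true, "rshell_variant": "zsh", "allow_no_match": true,
    "audit_match": true, "audit_no_match": false
  }
}
""")

def review_principal(p):
    """Return (severity, message) findings for one principal object (hypothetical helper)."""
    findings = []
    opts = p.get("service_options") or {}
    ssh, db = opts.get("ssh") or {}, opts.get("db") or {}
    cr = p.get("command_restrictions") or {}
    if cr.get("enabled"):
        # Both fields are documented as required when restrictions are enabled.
        if not (cr.get("default_whitelist") or {}).get("id"):
            findings.append(("error", "default_whitelist is required"))
        if cr.get("rshell_variant") not in ("bash", "posix"):
            findings.append(("error", "rshell_variant must be bash or posix"))
        if cr.get("allow_no_match"):
            findings.append(("warn", "allow_no_match: unmatched commands execute"))
        if not cr.get("audit_no_match"):
            findings.append(("warn", "disallowed commands generate no audit event"))
    elif ssh.get("shell") or ssh.get("exec"):
        findings.append(("warn", "shell/exec enabled without command restrictions"))
    for key in ("max_bytes_download", "max_bytes_upload"):
        if db.get(key) == 0:  # zero disables byte count limiting
            findings.append(("info", f"db.{key} is 0: no byte limit"))
    return findings

if __name__ == "__main__":
    for severity, message in review_principal(SAMPLE):
        print(f"{severity:5} {message}")
```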